{
  "url": "https://unifast.dev/zh-CN/docs/packages/node/sanitize/",
  "locale": "zh-CN",
  "title": "sanitize()",
  "description": "创建一个净化插件，从编译输出中剥离危险的 HTML 标签、属性和 URL 协议。",
  "section": "packages",
  "body": "```ts\n\n```\n\n## 签名\n\n```ts\nfunction sanitize(options?: SanitizePluginOptions): UnifastPlugin\n```\n\n## 参数\n\n### options?\n\n净化配置\n\n| 属性 | 类型 | 默认值 | 描述 |\n|----------|------|---------|-------------|\n| `enabled` | `boolean` | `true` | 启用或禁用净化 |\n| `schema` | `SanitizeSchema` | — | 自定义的净化 schema |\n\n#### SanitizeSchema\n\n| 属性 | 类型 | 描述 |\n|----------|------|-------------|\n| `allowedTags` | `string[]` | 允许保留的 HTML 标签名（其他都会被剥离） |\n| `allowedAttributes` | `Record<string, string[]>` | 每个标签允许保留的属性名 |\n| `allowedProtocols` | `Record<string, string[]>` | 每个属性允许使用的 URL 协议 |\n\n## 用法\n\n```ts\n\nconst result = compile(md, {\n  plugins: [\n    sanitize({\n      enabled: true,\n      schema: {\n        allowedTags: [\"h1\", \"h2\", \"h3\", \"p\", \"a\", \"strong\", \"em\", \"code\", \"pre\", \"img\", \"ul\", \"ol\", \"li\", \"blockquote\", \"table\", \"thead\", \"tbody\", \"tr\", \"th\", \"td\"],\n        allowedAttributes: {\n          a: [\"href\", \"title\", \"target\"],\n          img: [\"src\", \"alt\", \"width\", \"height\"],\n          code: [\"class\"],\n          pre: [\"class\"],\n        },\n        allowedProtocols: {\n          href: [\"https\", \"http\", \"mailto\"],\n          src: [\"https\", \"http\"],\n        },\n      },\n    }),\n  ],\n});\n```\n\n## 示例\n\n### 剥离危险 HTML\n\n```ts\n\nconst untrustedMd = `\n# Hello\n\n<script>alert(\"xss\")</script>\n\n<img src=\"x\" onerror=\"alert('xss')\">\n\n[Click me](javascript:alert('xss'))\n`;\n\nconst result = compile(untrustedMd, {\n  plugins: [sanitize()],\n});\n\nconsole.log(result.output);\n// <script> tags, onerror attributes, and javascript: URLs are removed\n```\n\n### 自定义允许的标签\n\n```ts\n\nconst result = compile(md, {\n  plugins: [\n    sanitize({\n      schema: {\n        allowedTags: [\"p\", \"a\", \"strong\", \"em\", \"code\", \"pre\"],\n      },\n    }),\n  ],\n});\n\nconsole.log(result.output);\n// Only the specified tags are kept; all others are stripped\n```\n\n### 限制 URL 协议\n\n```ts\n\nconst result = compile(md, {\n  plugins: [\n    sanitize({\n      schema: {\n        allowedProtocols: {\n          href: [\"https\", \"mailto\"],\n          src: [\"https\"],\n        },\n      },\n    }),\n  ],\n});\n\nconsole.log(result.output);\n// Only https: and mailto: links are allowed\n```\n\n### 禁用净化\n\n```ts\n\nconst result = compile(md, {\n  plugins: [sanitize({ enabled: false })],\n});\n\nconsole.log(result.output);\n// No sanitization applied — use only with trusted input\n```",
  "alternates": [
    {
      "locale": "en",
      "url": "https://unifast.dev/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/docs/packages/node/sanitize.json"
    },
    {
      "locale": "ja",
      "url": "https://unifast.dev/ja/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/ja/docs/packages/node/sanitize.json"
    },
    {
      "locale": "zh-CN",
      "url": "https://unifast.dev/zh-CN/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/zh-CN/docs/packages/node/sanitize.json"
    },
    {
      "locale": "zh-TW",
      "url": "https://unifast.dev/zh-TW/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/zh-TW/docs/packages/node/sanitize.json"
    },
    {
      "locale": "ko",
      "url": "https://unifast.dev/ko/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/ko/docs/packages/node/sanitize.json"
    },
    {
      "locale": "fr",
      "url": "https://unifast.dev/fr/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/fr/docs/packages/node/sanitize.json"
    },
    {
      "locale": "it",
      "url": "https://unifast.dev/it/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/it/docs/packages/node/sanitize.json"
    },
    {
      "locale": "es",
      "url": "https://unifast.dev/es/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/es/docs/packages/node/sanitize.json"
    },
    {
      "locale": "pt-BR",
      "url": "https://unifast.dev/pt-BR/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/pt-BR/docs/packages/node/sanitize.json"
    },
    {
      "locale": "de",
      "url": "https://unifast.dev/de/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/de/docs/packages/node/sanitize.json"
    },
    {
      "locale": "ru",
      "url": "https://unifast.dev/ru/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/ru/docs/packages/node/sanitize.json"
    },
    {
      "locale": "hi",
      "url": "https://unifast.dev/hi/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/hi/docs/packages/node/sanitize.json"
    },
    {
      "locale": "id",
      "url": "https://unifast.dev/id/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/id/docs/packages/node/sanitize.json"
    },
    {
      "locale": "tr",
      "url": "https://unifast.dev/tr/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/tr/docs/packages/node/sanitize.json"
    },
    {
      "locale": "vi",
      "url": "https://unifast.dev/vi/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/vi/docs/packages/node/sanitize.json"
    }
  ]
}